Publicly accessing AWS RDS from outside VPC

Question

I have a VPC configured with 3 X public and private subnets and an IGW for the public, NAT Gateway for the private.

When I create an RDS instance, I flag it as publically available. When I try to access the RDS endpoint, my connection fails.

I have created a security group to allow all traffic: 0.0.0.0/0, my VPC allows traffic coming from my network.

If I place my RDS in the public subnet, then I can connect as the IGW allows the connection. But when it is placed in the private subnet, the connection fails?

I have reviewed a fair bit of material on AWS and forums - but I cannot seem to finalise the connection. Is there something I am missing in the configuration?

Any help would be greatly appreciated.

Cheers.

Answer 1

What i found is that my VPC had 2 private and 2 public subnets and RDS postgres was using all of these 4. I had to create a new subnet group inside RDS with only public subnets and moved the RDS postgres from one VPC to different VPC and moved back to original VPC in the newly created subnet group

Answer 2

After looking into setting up an RDS instance with a connection outside the VPC to a client/application, I came across the following:

AWS suggests the following connections to an RDS:

1. An EC2 instance in the Same VPC
2. An EC2 instance in a different VPC
3. An EC2 instance not in a VPC
4. A client application through the Internet

Without using an EC2, you would have to place the RDS in a public subnet with an Internet Gateway attached and security group set up for incoming traffic.

Here is a reference link for you - A DB Instance in a VPC Accessed by a Client Application Through the Internet